omnibase_infra 0.2.6__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- omnibase_infra/__init__.py +101 -0
- omnibase_infra/adapters/adapter_onex_tool_execution.py +451 -0
- omnibase_infra/capabilities/__init__.py +15 -0
- omnibase_infra/capabilities/capability_inference_rules.py +211 -0
- omnibase_infra/capabilities/contract_capability_extractor.py +221 -0
- omnibase_infra/capabilities/intent_type_extractor.py +160 -0
- omnibase_infra/cli/__init__.py +1 -0
- omnibase_infra/cli/commands.py +216 -0
- omnibase_infra/clients/__init__.py +0 -0
- omnibase_infra/configs/widget_mapping.yaml +176 -0
- omnibase_infra/constants_topic_patterns.py +26 -0
- omnibase_infra/contracts/handlers/filesystem/handler_contract.yaml +264 -0
- omnibase_infra/contracts/handlers/mcp/handler_contract.yaml +141 -0
- omnibase_infra/decorators/__init__.py +29 -0
- omnibase_infra/decorators/allow_any.py +109 -0
- omnibase_infra/dlq/__init__.py +90 -0
- omnibase_infra/dlq/constants_dlq.py +57 -0
- omnibase_infra/dlq/models/__init__.py +26 -0
- omnibase_infra/dlq/models/enum_replay_status.py +37 -0
- omnibase_infra/dlq/models/model_dlq_replay_record.py +135 -0
- omnibase_infra/dlq/models/model_dlq_tracking_config.py +184 -0
- omnibase_infra/dlq/service_dlq_tracking.py +611 -0
- omnibase_infra/enums/__init__.py +132 -0
- omnibase_infra/enums/enum_any_type_violation.py +104 -0
- omnibase_infra/enums/enum_backend_type.py +27 -0
- omnibase_infra/enums/enum_capture_outcome.py +42 -0
- omnibase_infra/enums/enum_capture_state.py +88 -0
- omnibase_infra/enums/enum_chain_violation_type.py +119 -0
- omnibase_infra/enums/enum_circuit_state.py +51 -0
- omnibase_infra/enums/enum_confirmation_event_type.py +27 -0
- omnibase_infra/enums/enum_consumer_group_purpose.py +92 -0
- omnibase_infra/enums/enum_contract_type.py +84 -0
- omnibase_infra/enums/enum_dedupe_strategy.py +46 -0
- omnibase_infra/enums/enum_dispatch_status.py +191 -0
- omnibase_infra/enums/enum_environment.py +46 -0
- omnibase_infra/enums/enum_execution_shape_violation.py +103 -0
- omnibase_infra/enums/enum_handler_error_type.py +111 -0
- omnibase_infra/enums/enum_handler_loader_error.py +178 -0
- omnibase_infra/enums/enum_handler_source_mode.py +86 -0
- omnibase_infra/enums/enum_handler_source_type.py +87 -0
- omnibase_infra/enums/enum_handler_type.py +77 -0
- omnibase_infra/enums/enum_handler_type_category.py +61 -0
- omnibase_infra/enums/enum_infra_transport_type.py +73 -0
- omnibase_infra/enums/enum_introspection_reason.py +154 -0
- omnibase_infra/enums/enum_kafka_acks.py +99 -0
- omnibase_infra/enums/enum_message_category.py +213 -0
- omnibase_infra/enums/enum_node_archetype.py +74 -0
- omnibase_infra/enums/enum_node_output_type.py +185 -0
- omnibase_infra/enums/enum_non_retryable_error_category.py +224 -0
- omnibase_infra/enums/enum_policy_type.py +32 -0
- omnibase_infra/enums/enum_registration_state.py +261 -0
- omnibase_infra/enums/enum_registration_status.py +33 -0
- omnibase_infra/enums/enum_registry_response_status.py +28 -0
- omnibase_infra/enums/enum_response_status.py +26 -0
- omnibase_infra/enums/enum_retry_error_category.py +98 -0
- omnibase_infra/enums/enum_security_rule_id.py +103 -0
- omnibase_infra/enums/enum_selection_strategy.py +91 -0
- omnibase_infra/enums/enum_topic_standard.py +42 -0
- omnibase_infra/enums/enum_validation_severity.py +78 -0
- omnibase_infra/errors/__init__.py +160 -0
- omnibase_infra/errors/error_architecture_violation.py +152 -0
- omnibase_infra/errors/error_binding_resolution.py +128 -0
- omnibase_infra/errors/error_chain_propagation.py +188 -0
- omnibase_infra/errors/error_compute_registry.py +95 -0
- omnibase_infra/errors/error_consul.py +132 -0
- omnibase_infra/errors/error_container_wiring.py +243 -0
- omnibase_infra/errors/error_event_bus_registry.py +105 -0
- omnibase_infra/errors/error_infra.py +610 -0
- omnibase_infra/errors/error_message_type_registry.py +101 -0
- omnibase_infra/errors/error_policy_registry.py +115 -0
- omnibase_infra/errors/error_vault.py +123 -0
- omnibase_infra/event_bus/__init__.py +72 -0
- omnibase_infra/event_bus/configs/kafka_event_bus_config.yaml +84 -0
- omnibase_infra/event_bus/event_bus_inmemory.py +797 -0
- omnibase_infra/event_bus/event_bus_kafka.py +1716 -0
- omnibase_infra/event_bus/mixin_kafka_broadcast.py +180 -0
- omnibase_infra/event_bus/mixin_kafka_dlq.py +771 -0
- omnibase_infra/event_bus/models/__init__.py +29 -0
- omnibase_infra/event_bus/models/config/__init__.py +20 -0
- omnibase_infra/event_bus/models/config/model_kafka_event_bus_config.py +693 -0
- omnibase_infra/event_bus/models/model_dlq_event.py +206 -0
- omnibase_infra/event_bus/models/model_dlq_metrics.py +304 -0
- omnibase_infra/event_bus/models/model_event_headers.py +115 -0
- omnibase_infra/event_bus/models/model_event_message.py +60 -0
- omnibase_infra/event_bus/testing/__init__.py +26 -0
- omnibase_infra/event_bus/testing/adapter_protocol_event_publisher_inmemory.py +418 -0
- omnibase_infra/event_bus/testing/model_publisher_metrics.py +64 -0
- omnibase_infra/event_bus/topic_constants.py +376 -0
- omnibase_infra/handlers/__init__.py +82 -0
- omnibase_infra/handlers/filesystem/__init__.py +48 -0
- omnibase_infra/handlers/filesystem/enum_file_system_operation.py +35 -0
- omnibase_infra/handlers/filesystem/model_file_system_request.py +298 -0
- omnibase_infra/handlers/filesystem/model_file_system_result.py +166 -0
- omnibase_infra/handlers/handler_consul.py +795 -0
- omnibase_infra/handlers/handler_db.py +1046 -0
- omnibase_infra/handlers/handler_filesystem.py +1478 -0
- omnibase_infra/handlers/handler_graph.py +2015 -0
- omnibase_infra/handlers/handler_http.py +926 -0
- omnibase_infra/handlers/handler_intent.py +387 -0
- omnibase_infra/handlers/handler_manifest_persistence.contract.yaml +184 -0
- omnibase_infra/handlers/handler_manifest_persistence.py +1539 -0
- omnibase_infra/handlers/handler_mcp.py +1430 -0
- omnibase_infra/handlers/handler_qdrant.py +1076 -0
- omnibase_infra/handlers/handler_vault.py +428 -0
- omnibase_infra/handlers/mcp/__init__.py +19 -0
- omnibase_infra/handlers/mcp/adapter_onex_to_mcp.py +446 -0
- omnibase_infra/handlers/mcp/protocols.py +178 -0
- omnibase_infra/handlers/mcp/transport_streamable_http.py +352 -0
- omnibase_infra/handlers/mixins/__init__.py +47 -0
- omnibase_infra/handlers/mixins/mixin_consul_initialization.py +349 -0
- omnibase_infra/handlers/mixins/mixin_consul_kv.py +338 -0
- omnibase_infra/handlers/mixins/mixin_consul_service.py +542 -0
- omnibase_infra/handlers/mixins/mixin_consul_topic_index.py +585 -0
- omnibase_infra/handlers/mixins/mixin_vault_initialization.py +338 -0
- omnibase_infra/handlers/mixins/mixin_vault_retry.py +412 -0
- omnibase_infra/handlers/mixins/mixin_vault_secrets.py +450 -0
- omnibase_infra/handlers/mixins/mixin_vault_token.py +365 -0
- omnibase_infra/handlers/models/__init__.py +286 -0
- omnibase_infra/handlers/models/consul/__init__.py +81 -0
- omnibase_infra/handlers/models/consul/enum_consul_operation_type.py +57 -0
- omnibase_infra/handlers/models/consul/model_consul_deregister_payload.py +51 -0
- omnibase_infra/handlers/models/consul/model_consul_handler_config.py +153 -0
- omnibase_infra/handlers/models/consul/model_consul_handler_payload.py +89 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_get_found_payload.py +55 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_get_not_found_payload.py +49 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_get_recurse_payload.py +50 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_item.py +33 -0
- omnibase_infra/handlers/models/consul/model_consul_kv_put_payload.py +41 -0
- omnibase_infra/handlers/models/consul/model_consul_register_payload.py +53 -0
- omnibase_infra/handlers/models/consul/model_consul_retry_config.py +66 -0
- omnibase_infra/handlers/models/consul/model_payload_consul.py +66 -0
- omnibase_infra/handlers/models/consul/registry_payload_consul.py +214 -0
- omnibase_infra/handlers/models/graph/__init__.py +35 -0
- omnibase_infra/handlers/models/graph/enum_graph_operation_type.py +20 -0
- omnibase_infra/handlers/models/graph/model_graph_execute_payload.py +38 -0
- omnibase_infra/handlers/models/graph/model_graph_handler_config.py +54 -0
- omnibase_infra/handlers/models/graph/model_graph_handler_payload.py +44 -0
- omnibase_infra/handlers/models/graph/model_graph_query_payload.py +40 -0
- omnibase_infra/handlers/models/graph/model_graph_record.py +22 -0
- omnibase_infra/handlers/models/http/__init__.py +50 -0
- omnibase_infra/handlers/models/http/enum_http_operation_type.py +29 -0
- omnibase_infra/handlers/models/http/model_http_body_content.py +45 -0
- omnibase_infra/handlers/models/http/model_http_get_payload.py +88 -0
- omnibase_infra/handlers/models/http/model_http_handler_payload.py +90 -0
- omnibase_infra/handlers/models/http/model_http_post_payload.py +88 -0
- omnibase_infra/handlers/models/http/model_payload_http.py +66 -0
- omnibase_infra/handlers/models/http/registry_payload_http.py +212 -0
- omnibase_infra/handlers/models/mcp/__init__.py +23 -0
- omnibase_infra/handlers/models/mcp/enum_mcp_operation_type.py +24 -0
- omnibase_infra/handlers/models/mcp/model_mcp_handler_config.py +40 -0
- omnibase_infra/handlers/models/mcp/model_mcp_tool_call.py +32 -0
- omnibase_infra/handlers/models/mcp/model_mcp_tool_result.py +45 -0
- omnibase_infra/handlers/models/model_consul_handler_response.py +96 -0
- omnibase_infra/handlers/models/model_db_describe_response.py +83 -0
- omnibase_infra/handlers/models/model_db_query_payload.py +95 -0
- omnibase_infra/handlers/models/model_db_query_response.py +60 -0
- omnibase_infra/handlers/models/model_filesystem_config.py +98 -0
- omnibase_infra/handlers/models/model_filesystem_delete_payload.py +54 -0
- omnibase_infra/handlers/models/model_filesystem_delete_result.py +77 -0
- omnibase_infra/handlers/models/model_filesystem_directory_entry.py +75 -0
- omnibase_infra/handlers/models/model_filesystem_ensure_directory_payload.py +54 -0
- omnibase_infra/handlers/models/model_filesystem_ensure_directory_result.py +60 -0
- omnibase_infra/handlers/models/model_filesystem_list_directory_payload.py +60 -0
- omnibase_infra/handlers/models/model_filesystem_list_directory_result.py +68 -0
- omnibase_infra/handlers/models/model_filesystem_read_payload.py +62 -0
- omnibase_infra/handlers/models/model_filesystem_read_result.py +61 -0
- omnibase_infra/handlers/models/model_filesystem_write_payload.py +70 -0
- omnibase_infra/handlers/models/model_filesystem_write_result.py +55 -0
- omnibase_infra/handlers/models/model_graph_handler_response.py +98 -0
- omnibase_infra/handlers/models/model_handler_response.py +103 -0
- omnibase_infra/handlers/models/model_http_handler_response.py +101 -0
- omnibase_infra/handlers/models/model_manifest_metadata.py +75 -0
- omnibase_infra/handlers/models/model_manifest_persistence_config.py +62 -0
- omnibase_infra/handlers/models/model_manifest_query_payload.py +90 -0
- omnibase_infra/handlers/models/model_manifest_query_result.py +97 -0
- omnibase_infra/handlers/models/model_manifest_retrieve_payload.py +44 -0
- omnibase_infra/handlers/models/model_manifest_retrieve_result.py +98 -0
- omnibase_infra/handlers/models/model_manifest_store_payload.py +47 -0
- omnibase_infra/handlers/models/model_manifest_store_result.py +67 -0
- omnibase_infra/handlers/models/model_operation_context.py +187 -0
- omnibase_infra/handlers/models/model_qdrant_handler_response.py +98 -0
- omnibase_infra/handlers/models/model_retry_state.py +162 -0
- omnibase_infra/handlers/models/model_vault_handler_response.py +98 -0
- omnibase_infra/handlers/models/qdrant/__init__.py +44 -0
- omnibase_infra/handlers/models/qdrant/enum_qdrant_operation_type.py +26 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_collection_payload.py +42 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_delete_payload.py +36 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_handler_config.py +42 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_handler_payload.py +54 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_search_payload.py +42 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_search_result.py +30 -0
- omnibase_infra/handlers/models/qdrant/model_qdrant_upsert_payload.py +36 -0
- omnibase_infra/handlers/models/vault/__init__.py +69 -0
- omnibase_infra/handlers/models/vault/enum_vault_operation_type.py +35 -0
- omnibase_infra/handlers/models/vault/model_payload_vault.py +66 -0
- omnibase_infra/handlers/models/vault/model_vault_delete_payload.py +57 -0
- omnibase_infra/handlers/models/vault/model_vault_handler_config.py +148 -0
- omnibase_infra/handlers/models/vault/model_vault_handler_payload.py +101 -0
- omnibase_infra/handlers/models/vault/model_vault_list_payload.py +58 -0
- omnibase_infra/handlers/models/vault/model_vault_renew_token_payload.py +67 -0
- omnibase_infra/handlers/models/vault/model_vault_retry_config.py +66 -0
- omnibase_infra/handlers/models/vault/model_vault_secret_payload.py +106 -0
- omnibase_infra/handlers/models/vault/model_vault_write_payload.py +66 -0
- omnibase_infra/handlers/models/vault/registry_payload_vault.py +213 -0
- omnibase_infra/handlers/registration_storage/__init__.py +43 -0
- omnibase_infra/handlers/registration_storage/handler_registration_storage_mock.py +392 -0
- omnibase_infra/handlers/registration_storage/handler_registration_storage_postgres.py +922 -0
- omnibase_infra/handlers/registration_storage/models/__init__.py +23 -0
- omnibase_infra/handlers/registration_storage/models/model_delete_registration_request.py +58 -0
- omnibase_infra/handlers/registration_storage/models/model_update_registration_request.py +73 -0
- omnibase_infra/handlers/registration_storage/protocol_registration_persistence.py +191 -0
- omnibase_infra/handlers/service_discovery/__init__.py +43 -0
- omnibase_infra/handlers/service_discovery/handler_service_discovery_consul.py +1051 -0
- omnibase_infra/handlers/service_discovery/handler_service_discovery_mock.py +258 -0
- omnibase_infra/handlers/service_discovery/models/__init__.py +22 -0
- omnibase_infra/handlers/service_discovery/models/model_discovery_result.py +64 -0
- omnibase_infra/handlers/service_discovery/models/model_registration_result.py +138 -0
- omnibase_infra/handlers/service_discovery/models/model_service_info.py +109 -0
- omnibase_infra/handlers/service_discovery/protocol_discovery_operations.py +170 -0
- omnibase_infra/idempotency/__init__.py +94 -0
- omnibase_infra/idempotency/models/__init__.py +43 -0
- omnibase_infra/idempotency/models/model_idempotency_check_result.py +85 -0
- omnibase_infra/idempotency/models/model_idempotency_guard_config.py +130 -0
- omnibase_infra/idempotency/models/model_idempotency_record.py +86 -0
- omnibase_infra/idempotency/models/model_idempotency_store_health_check_result.py +81 -0
- omnibase_infra/idempotency/models/model_idempotency_store_metrics.py +140 -0
- omnibase_infra/idempotency/models/model_postgres_idempotency_store_config.py +299 -0
- omnibase_infra/idempotency/protocol_idempotency_store.py +184 -0
- omnibase_infra/idempotency/store_inmemory.py +265 -0
- omnibase_infra/idempotency/store_postgres.py +923 -0
- omnibase_infra/infrastructure/__init__.py +0 -0
- omnibase_infra/migrations/001_create_event_ledger.sql +166 -0
- omnibase_infra/migrations/001_drop_event_ledger.sql +18 -0
- omnibase_infra/mixins/__init__.py +71 -0
- omnibase_infra/mixins/mixin_async_circuit_breaker.py +656 -0
- omnibase_infra/mixins/mixin_dict_like_accessors.py +146 -0
- omnibase_infra/mixins/mixin_envelope_extraction.py +119 -0
- omnibase_infra/mixins/mixin_node_introspection.py +2670 -0
- omnibase_infra/mixins/mixin_retry_execution.py +386 -0
- omnibase_infra/mixins/protocol_circuit_breaker_aware.py +133 -0
- omnibase_infra/models/__init__.py +144 -0
- omnibase_infra/models/bindings/__init__.py +59 -0
- omnibase_infra/models/bindings/constants.py +144 -0
- omnibase_infra/models/bindings/model_binding_resolution_result.py +103 -0
- omnibase_infra/models/bindings/model_operation_binding.py +44 -0
- omnibase_infra/models/bindings/model_operation_bindings_subcontract.py +152 -0
- omnibase_infra/models/bindings/model_parsed_binding.py +52 -0
- omnibase_infra/models/corpus/__init__.py +17 -0
- omnibase_infra/models/corpus/model_capture_config.py +133 -0
- omnibase_infra/models/corpus/model_capture_result.py +86 -0
- omnibase_infra/models/discovery/__init__.py +42 -0
- omnibase_infra/models/discovery/model_dependency_spec.py +319 -0
- omnibase_infra/models/discovery/model_discovered_capabilities.py +50 -0
- omnibase_infra/models/discovery/model_introspection_config.py +330 -0
- omnibase_infra/models/discovery/model_introspection_performance_metrics.py +169 -0
- omnibase_infra/models/discovery/model_introspection_task_config.py +116 -0
- omnibase_infra/models/dispatch/__init__.py +155 -0
- omnibase_infra/models/dispatch/model_debug_trace_snapshot.py +114 -0
- omnibase_infra/models/dispatch/model_dispatch_context.py +439 -0
- omnibase_infra/models/dispatch/model_dispatch_error.py +336 -0
- omnibase_infra/models/dispatch/model_dispatch_log_context.py +400 -0
- omnibase_infra/models/dispatch/model_dispatch_metadata.py +228 -0
- omnibase_infra/models/dispatch/model_dispatch_metrics.py +496 -0
- omnibase_infra/models/dispatch/model_dispatch_outcome.py +317 -0
- omnibase_infra/models/dispatch/model_dispatch_outputs.py +231 -0
- omnibase_infra/models/dispatch/model_dispatch_result.py +436 -0
- omnibase_infra/models/dispatch/model_dispatch_route.py +279 -0
- omnibase_infra/models/dispatch/model_dispatcher_metrics.py +275 -0
- omnibase_infra/models/dispatch/model_dispatcher_registration.py +352 -0
- omnibase_infra/models/dispatch/model_materialized_dispatch.py +141 -0
- omnibase_infra/models/dispatch/model_parsed_topic.py +135 -0
- omnibase_infra/models/dispatch/model_topic_parser.py +725 -0
- omnibase_infra/models/dispatch/model_tracing_context.py +285 -0
- omnibase_infra/models/errors/__init__.py +45 -0
- omnibase_infra/models/errors/model_handler_validation_error.py +594 -0
- omnibase_infra/models/errors/model_infra_error_context.py +99 -0
- omnibase_infra/models/errors/model_message_type_registry_error_context.py +71 -0
- omnibase_infra/models/errors/model_timeout_error_context.py +110 -0
- omnibase_infra/models/handlers/__init__.py +80 -0
- omnibase_infra/models/handlers/model_bootstrap_handler_descriptor.py +162 -0
- omnibase_infra/models/handlers/model_contract_discovery_result.py +82 -0
- omnibase_infra/models/handlers/model_handler_descriptor.py +200 -0
- omnibase_infra/models/handlers/model_handler_identifier.py +215 -0
- omnibase_infra/models/handlers/model_handler_source_config.py +220 -0
- omnibase_infra/models/health/__init__.py +9 -0
- omnibase_infra/models/health/model_health_check_result.py +40 -0
- omnibase_infra/models/lifecycle/__init__.py +39 -0
- omnibase_infra/models/logging/__init__.py +51 -0
- omnibase_infra/models/logging/model_log_context.py +756 -0
- omnibase_infra/models/mcp/__init__.py +15 -0
- omnibase_infra/models/mcp/model_mcp_contract_config.py +80 -0
- omnibase_infra/models/mcp/model_mcp_server_config.py +67 -0
- omnibase_infra/models/mcp/model_mcp_tool_definition.py +73 -0
- omnibase_infra/models/mcp/model_mcp_tool_parameter.py +35 -0
- omnibase_infra/models/model_node_identity.py +126 -0
- omnibase_infra/models/model_retry_error_classification.py +78 -0
- omnibase_infra/models/projection/__init__.py +43 -0
- omnibase_infra/models/projection/model_capability_fields.py +112 -0
- omnibase_infra/models/projection/model_registration_projection.py +434 -0
- omnibase_infra/models/projection/model_registration_snapshot.py +322 -0
- omnibase_infra/models/projection/model_sequence_info.py +182 -0
- omnibase_infra/models/projection/model_snapshot_topic_config.py +591 -0
- omnibase_infra/models/projectors/__init__.py +41 -0
- omnibase_infra/models/projectors/model_projector_column.py +289 -0
- omnibase_infra/models/projectors/model_projector_discovery_result.py +65 -0
- omnibase_infra/models/projectors/model_projector_index.py +270 -0
- omnibase_infra/models/projectors/model_projector_schema.py +415 -0
- omnibase_infra/models/projectors/model_projector_validation_error.py +63 -0
- omnibase_infra/models/projectors/util_sql_identifiers.py +115 -0
- omnibase_infra/models/registration/__init__.py +68 -0
- omnibase_infra/models/registration/commands/__init__.py +15 -0
- omnibase_infra/models/registration/commands/model_node_registration_acked.py +108 -0
- omnibase_infra/models/registration/events/__init__.py +56 -0
- omnibase_infra/models/registration/events/model_node_became_active.py +103 -0
- omnibase_infra/models/registration/events/model_node_liveness_expired.py +103 -0
- omnibase_infra/models/registration/events/model_node_registration_accepted.py +98 -0
- omnibase_infra/models/registration/events/model_node_registration_ack_received.py +98 -0
- omnibase_infra/models/registration/events/model_node_registration_ack_timed_out.py +112 -0
- omnibase_infra/models/registration/events/model_node_registration_initiated.py +107 -0
- omnibase_infra/models/registration/events/model_node_registration_rejected.py +104 -0
- omnibase_infra/models/registration/model_event_bus_topic_entry.py +59 -0
- omnibase_infra/models/registration/model_introspection_metrics.py +253 -0
- omnibase_infra/models/registration/model_node_capabilities.py +190 -0
- omnibase_infra/models/registration/model_node_event_bus_config.py +99 -0
- omnibase_infra/models/registration/model_node_heartbeat_event.py +126 -0
- omnibase_infra/models/registration/model_node_introspection_event.py +195 -0
- omnibase_infra/models/registration/model_node_metadata.py +79 -0
- omnibase_infra/models/registration/model_node_registration.py +162 -0
- omnibase_infra/models/registration/model_node_registration_record.py +162 -0
- omnibase_infra/models/registry/__init__.py +29 -0
- omnibase_infra/models/registry/model_domain_constraint.py +202 -0
- omnibase_infra/models/registry/model_message_type_entry.py +271 -0
- omnibase_infra/models/resilience/__init__.py +9 -0
- omnibase_infra/models/resilience/model_circuit_breaker_config.py +227 -0
- omnibase_infra/models/routing/__init__.py +25 -0
- omnibase_infra/models/routing/model_routing_entry.py +52 -0
- omnibase_infra/models/routing/model_routing_subcontract.py +70 -0
- omnibase_infra/models/runtime/__init__.py +49 -0
- omnibase_infra/models/runtime/model_contract_security_config.py +41 -0
- omnibase_infra/models/runtime/model_discovery_error.py +81 -0
- omnibase_infra/models/runtime/model_discovery_result.py +162 -0
- omnibase_infra/models/runtime/model_discovery_warning.py +74 -0
- omnibase_infra/models/runtime/model_failed_plugin_load.py +63 -0
- omnibase_infra/models/runtime/model_handler_contract.py +296 -0
- omnibase_infra/models/runtime/model_loaded_handler.py +129 -0
- omnibase_infra/models/runtime/model_plugin_load_context.py +93 -0
- omnibase_infra/models/runtime/model_plugin_load_summary.py +124 -0
- omnibase_infra/models/security/__init__.py +50 -0
- omnibase_infra/models/security/classification_levels.py +99 -0
- omnibase_infra/models/security/model_environment_policy.py +145 -0
- omnibase_infra/models/security/model_handler_security_policy.py +107 -0
- omnibase_infra/models/security/model_security_error.py +81 -0
- omnibase_infra/models/security/model_security_validation_result.py +328 -0
- omnibase_infra/models/security/model_security_warning.py +67 -0
- omnibase_infra/models/snapshot/__init__.py +27 -0
- omnibase_infra/models/snapshot/model_field_change.py +65 -0
- omnibase_infra/models/snapshot/model_snapshot.py +270 -0
- omnibase_infra/models/snapshot/model_snapshot_diff.py +203 -0
- omnibase_infra/models/snapshot/model_subject_ref.py +81 -0
- omnibase_infra/models/types/__init__.py +71 -0
- omnibase_infra/models/validation/__init__.py +89 -0
- omnibase_infra/models/validation/model_any_type_validation_result.py +118 -0
- omnibase_infra/models/validation/model_any_type_violation.py +141 -0
- omnibase_infra/models/validation/model_category_match_result.py +345 -0
- omnibase_infra/models/validation/model_chain_violation.py +166 -0
- omnibase_infra/models/validation/model_coverage_metrics.py +316 -0
- omnibase_infra/models/validation/model_execution_shape_rule.py +159 -0
- omnibase_infra/models/validation/model_execution_shape_validation.py +208 -0
- omnibase_infra/models/validation/model_execution_shape_validation_result.py +294 -0
- omnibase_infra/models/validation/model_execution_shape_violation.py +122 -0
- omnibase_infra/models/validation/model_localhandler_validation_result.py +139 -0
- omnibase_infra/models/validation/model_localhandler_violation.py +100 -0
- omnibase_infra/models/validation/model_output_validation_params.py +74 -0
- omnibase_infra/models/validation/model_validate_and_raise_params.py +84 -0
- omnibase_infra/models/validation/model_validation_error_params.py +84 -0
- omnibase_infra/models/validation/model_validation_outcome.py +287 -0
- omnibase_infra/nodes/__init__.py +57 -0
- omnibase_infra/nodes/architecture_validator/__init__.py +79 -0
- omnibase_infra/nodes/architecture_validator/contract.yaml +252 -0
- omnibase_infra/nodes/architecture_validator/contract_architecture_validator.yaml +203 -0
- omnibase_infra/nodes/architecture_validator/mixins/__init__.py +16 -0
- omnibase_infra/nodes/architecture_validator/mixins/mixin_file_path_rule.py +92 -0
- omnibase_infra/nodes/architecture_validator/models/__init__.py +36 -0
- omnibase_infra/nodes/architecture_validator/models/model_architecture_validation_request.py +56 -0
- omnibase_infra/nodes/architecture_validator/models/model_architecture_validation_result.py +311 -0
- omnibase_infra/nodes/architecture_validator/models/model_architecture_violation.py +163 -0
- omnibase_infra/nodes/architecture_validator/models/model_rule_check_result.py +265 -0
- omnibase_infra/nodes/architecture_validator/models/model_validation_request.py +105 -0
- omnibase_infra/nodes/architecture_validator/models/model_validation_result.py +314 -0
- omnibase_infra/nodes/architecture_validator/node.py +262 -0
- omnibase_infra/nodes/architecture_validator/node_architecture_validator.py +383 -0
- omnibase_infra/nodes/architecture_validator/protocols/__init__.py +9 -0
- omnibase_infra/nodes/architecture_validator/protocols/protocol_architecture_rule.py +225 -0
- omnibase_infra/nodes/architecture_validator/registry/__init__.py +28 -0
- omnibase_infra/nodes/architecture_validator/registry/registry_infra_architecture_validator.py +106 -0
- omnibase_infra/nodes/architecture_validator/validators/__init__.py +104 -0
- omnibase_infra/nodes/architecture_validator/validators/validator_no_direct_dispatch.py +422 -0
- omnibase_infra/nodes/architecture_validator/validators/validator_no_handler_publishing.py +481 -0
- omnibase_infra/nodes/architecture_validator/validators/validator_no_orchestrator_fsm.py +491 -0
- omnibase_infra/nodes/contract_registry_reducer/__init__.py +29 -0
- omnibase_infra/nodes/contract_registry_reducer/contract.yaml +255 -0
- omnibase_infra/nodes/contract_registry_reducer/models/__init__.py +38 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_contract_registry_state.py +266 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_cleanup_topic_references.py +55 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_deactivate_contract.py +58 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_mark_stale.py +49 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_update_heartbeat.py +71 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_update_topic.py +66 -0
- omnibase_infra/nodes/contract_registry_reducer/models/model_payload_upsert_contract.py +92 -0
- omnibase_infra/nodes/contract_registry_reducer/node.py +121 -0
- omnibase_infra/nodes/contract_registry_reducer/reducer.py +784 -0
- omnibase_infra/nodes/contract_registry_reducer/registry/__init__.py +9 -0
- omnibase_infra/nodes/contract_registry_reducer/registry/registry_infra_contract_registry_reducer.py +101 -0
- omnibase_infra/nodes/effects/README.md +358 -0
- omnibase_infra/nodes/effects/__init__.py +26 -0
- omnibase_infra/nodes/effects/contract.yaml +167 -0
- omnibase_infra/nodes/effects/models/__init__.py +32 -0
- omnibase_infra/nodes/effects/models/model_backend_result.py +190 -0
- omnibase_infra/nodes/effects/models/model_effect_idempotency_config.py +92 -0
- omnibase_infra/nodes/effects/models/model_registry_request.py +132 -0
- omnibase_infra/nodes/effects/models/model_registry_response.py +263 -0
- omnibase_infra/nodes/effects/protocol_consul_client.py +89 -0
- omnibase_infra/nodes/effects/protocol_effect_idempotency_store.py +143 -0
- omnibase_infra/nodes/effects/protocol_postgres_adapter.py +96 -0
- omnibase_infra/nodes/effects/registry_effect.py +525 -0
- omnibase_infra/nodes/effects/store_effect_idempotency_inmemory.py +425 -0
- omnibase_infra/nodes/handlers/consul/contract.yaml +85 -0
- omnibase_infra/nodes/handlers/db/contract.yaml +72 -0
- omnibase_infra/nodes/handlers/graph/contract.yaml +127 -0
- omnibase_infra/nodes/handlers/http/contract.yaml +74 -0
- omnibase_infra/nodes/handlers/intent/contract.yaml +66 -0
- omnibase_infra/nodes/handlers/mcp/contract.yaml +69 -0
- omnibase_infra/nodes/handlers/vault/contract.yaml +91 -0
- omnibase_infra/nodes/node_intent_storage_effect/__init__.py +50 -0
- omnibase_infra/nodes/node_intent_storage_effect/contract.yaml +194 -0
- omnibase_infra/nodes/node_intent_storage_effect/models/__init__.py +24 -0
- omnibase_infra/nodes/node_intent_storage_effect/models/model_intent_storage_input.py +141 -0
- omnibase_infra/nodes/node_intent_storage_effect/models/model_intent_storage_output.py +130 -0
- omnibase_infra/nodes/node_intent_storage_effect/node.py +94 -0
- omnibase_infra/nodes/node_intent_storage_effect/registry/__init__.py +35 -0
- omnibase_infra/nodes/node_intent_storage_effect/registry/registry_infra_intent_storage.py +294 -0
- omnibase_infra/nodes/node_ledger_projection_compute/__init__.py +50 -0
- omnibase_infra/nodes/node_ledger_projection_compute/contract.yaml +104 -0
- omnibase_infra/nodes/node_ledger_projection_compute/node.py +284 -0
- omnibase_infra/nodes/node_ledger_projection_compute/registry/__init__.py +29 -0
- omnibase_infra/nodes/node_ledger_projection_compute/registry/registry_infra_ledger_projection.py +118 -0
- omnibase_infra/nodes/node_ledger_write_effect/__init__.py +82 -0
- omnibase_infra/nodes/node_ledger_write_effect/contract.yaml +200 -0
- omnibase_infra/nodes/node_ledger_write_effect/handlers/__init__.py +22 -0
- omnibase_infra/nodes/node_ledger_write_effect/handlers/handler_ledger_append.py +372 -0
- omnibase_infra/nodes/node_ledger_write_effect/handlers/handler_ledger_query.py +597 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/__init__.py +31 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/model_ledger_append_result.py +54 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/model_ledger_entry.py +92 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/model_ledger_query.py +53 -0
- omnibase_infra/nodes/node_ledger_write_effect/models/model_ledger_query_result.py +41 -0
- omnibase_infra/nodes/node_ledger_write_effect/node.py +89 -0
- omnibase_infra/nodes/node_ledger_write_effect/protocols/__init__.py +13 -0
- omnibase_infra/nodes/node_ledger_write_effect/protocols/protocol_ledger_persistence.py +127 -0
- omnibase_infra/nodes/node_ledger_write_effect/registry/__init__.py +9 -0
- omnibase_infra/nodes/node_ledger_write_effect/registry/registry_infra_ledger_write.py +121 -0
- omnibase_infra/nodes/node_registration_orchestrator/README.md +542 -0
- omnibase_infra/nodes/node_registration_orchestrator/__init__.py +120 -0
- omnibase_infra/nodes/node_registration_orchestrator/contract.yaml +482 -0
- omnibase_infra/nodes/node_registration_orchestrator/dispatchers/__init__.py +53 -0
- omnibase_infra/nodes/node_registration_orchestrator/dispatchers/dispatcher_node_introspected.py +376 -0
- omnibase_infra/nodes/node_registration_orchestrator/dispatchers/dispatcher_node_registration_acked.py +376 -0
- omnibase_infra/nodes/node_registration_orchestrator/dispatchers/dispatcher_runtime_tick.py +373 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/__init__.py +62 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/handler_node_heartbeat.py +376 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/handler_node_introspected.py +694 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/handler_node_registration_acked.py +458 -0
- omnibase_infra/nodes/node_registration_orchestrator/handlers/handler_runtime_tick.py +364 -0
- omnibase_infra/nodes/node_registration_orchestrator/introspection_event_router.py +544 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/__init__.py +75 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_consul_intent_payload.py +194 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_consul_registration_intent.py +67 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_intent_execution_result.py +50 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_node_liveness_expired.py +107 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_orchestrator_config.py +67 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_orchestrator_input.py +41 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_orchestrator_output.py +166 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_postgres_intent_payload.py +235 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_postgres_upsert_intent.py +68 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_reducer_execution_result.py +384 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_reducer_state.py +60 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_registration_intent.py +177 -0
- omnibase_infra/nodes/node_registration_orchestrator/models/model_registry_intent.py +247 -0
- omnibase_infra/nodes/node_registration_orchestrator/node.py +195 -0
- omnibase_infra/nodes/node_registration_orchestrator/plugin.py +909 -0
- omnibase_infra/nodes/node_registration_orchestrator/protocols.py +439 -0
- omnibase_infra/nodes/node_registration_orchestrator/registry/__init__.py +41 -0
- omnibase_infra/nodes/node_registration_orchestrator/registry/registry_infra_node_registration_orchestrator.py +528 -0
- omnibase_infra/nodes/node_registration_orchestrator/timeout_coordinator.py +393 -0
- omnibase_infra/nodes/node_registration_orchestrator/wiring.py +743 -0
- omnibase_infra/nodes/node_registration_reducer/__init__.py +15 -0
- omnibase_infra/nodes/node_registration_reducer/contract.yaml +301 -0
- omnibase_infra/nodes/node_registration_reducer/models/__init__.py +38 -0
- omnibase_infra/nodes/node_registration_reducer/models/model_validation_result.py +113 -0
- omnibase_infra/nodes/node_registration_reducer/node.py +139 -0
- omnibase_infra/nodes/node_registration_reducer/registry/__init__.py +9 -0
- omnibase_infra/nodes/node_registration_reducer/registry/registry_infra_node_registration_reducer.py +79 -0
- omnibase_infra/nodes/node_registration_storage_effect/__init__.py +41 -0
- omnibase_infra/nodes/node_registration_storage_effect/contract.yaml +220 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/__init__.py +44 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_delete_result.py +132 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_registration_record.py +199 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_registration_update.py +155 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_storage_health_check_details.py +123 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_storage_health_check_result.py +117 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_storage_query.py +100 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_storage_result.py +136 -0
- omnibase_infra/nodes/node_registration_storage_effect/models/model_upsert_result.py +127 -0
- omnibase_infra/nodes/node_registration_storage_effect/node.py +112 -0
- omnibase_infra/nodes/node_registration_storage_effect/protocols/__init__.py +22 -0
- omnibase_infra/nodes/node_registration_storage_effect/protocols/protocol_registration_persistence.py +333 -0
- omnibase_infra/nodes/node_registration_storage_effect/registry/__init__.py +23 -0
- omnibase_infra/nodes/node_registration_storage_effect/registry/registry_infra_registration_storage.py +215 -0
- omnibase_infra/nodes/node_registry_effect/__init__.py +85 -0
- omnibase_infra/nodes/node_registry_effect/contract.yaml +677 -0
- omnibase_infra/nodes/node_registry_effect/handlers/__init__.py +70 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_consul_deregister.py +211 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_consul_register.py +212 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_partial_retry.py +417 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_postgres_deactivate.py +215 -0
- omnibase_infra/nodes/node_registry_effect/handlers/handler_postgres_upsert.py +208 -0
- omnibase_infra/nodes/node_registry_effect/models/__init__.py +43 -0
- omnibase_infra/nodes/node_registry_effect/models/model_partial_retry_request.py +92 -0
- omnibase_infra/nodes/node_registry_effect/node.py +165 -0
- omnibase_infra/nodes/node_registry_effect/registry/__init__.py +27 -0
- omnibase_infra/nodes/node_registry_effect/registry/registry_infra_registry_effect.py +196 -0
- omnibase_infra/nodes/node_service_discovery_effect/__init__.py +111 -0
- omnibase_infra/nodes/node_service_discovery_effect/contract.yaml +246 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/__init__.py +67 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/enum_health_status.py +72 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/enum_service_discovery_operation.py +58 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_discovery_query.py +99 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_discovery_result.py +98 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_health_check_config.py +121 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_query_metadata.py +63 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_registration_result.py +130 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_service_discovery_health_check_details.py +111 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_service_discovery_health_check_result.py +119 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_service_info.py +106 -0
- omnibase_infra/nodes/node_service_discovery_effect/models/model_service_registration.py +121 -0
- omnibase_infra/nodes/node_service_discovery_effect/node.py +111 -0
- omnibase_infra/nodes/node_service_discovery_effect/protocols/__init__.py +14 -0
- omnibase_infra/nodes/node_service_discovery_effect/protocols/protocol_discovery_operations.py +279 -0
- omnibase_infra/nodes/node_service_discovery_effect/registry/__init__.py +13 -0
- omnibase_infra/nodes/node_service_discovery_effect/registry/registry_infra_service_discovery.py +222 -0
- omnibase_infra/nodes/reducers/__init__.py +30 -0
- omnibase_infra/nodes/reducers/models/__init__.py +37 -0
- omnibase_infra/nodes/reducers/models/model_payload_consul_register.py +87 -0
- omnibase_infra/nodes/reducers/models/model_payload_ledger_append.py +133 -0
- omnibase_infra/nodes/reducers/models/model_payload_postgres_upsert_registration.py +60 -0
- omnibase_infra/nodes/reducers/models/model_registration_confirmation.py +166 -0
- omnibase_infra/nodes/reducers/models/model_registration_state.py +433 -0
- omnibase_infra/nodes/reducers/registration_reducer.py +1138 -0
- omnibase_infra/observability/__init__.py +143 -0
- omnibase_infra/observability/constants_metrics.py +91 -0
- omnibase_infra/observability/factory_observability_sink.py +525 -0
- omnibase_infra/observability/handlers/__init__.py +118 -0
- omnibase_infra/observability/handlers/handler_logging_structured.py +967 -0
- omnibase_infra/observability/handlers/handler_metrics_prometheus.py +1120 -0
- omnibase_infra/observability/handlers/model_logging_handler_config.py +71 -0
- omnibase_infra/observability/handlers/model_logging_handler_response.py +77 -0
- omnibase_infra/observability/handlers/model_metrics_handler_config.py +172 -0
- omnibase_infra/observability/handlers/model_metrics_handler_payload.py +135 -0
- omnibase_infra/observability/handlers/model_metrics_handler_response.py +101 -0
- omnibase_infra/observability/hooks/__init__.py +74 -0
- omnibase_infra/observability/hooks/hook_observability.py +1223 -0
- omnibase_infra/observability/models/__init__.py +30 -0
- omnibase_infra/observability/models/enum_required_log_context_key.py +77 -0
- omnibase_infra/observability/models/model_buffered_log_entry.py +117 -0
- omnibase_infra/observability/models/model_logging_sink_config.py +73 -0
- omnibase_infra/observability/models/model_metrics_sink_config.py +156 -0
- omnibase_infra/observability/sinks/__init__.py +69 -0
- omnibase_infra/observability/sinks/sink_logging_structured.py +809 -0
- omnibase_infra/observability/sinks/sink_metrics_prometheus.py +710 -0
- omnibase_infra/plugins/__init__.py +27 -0
- omnibase_infra/plugins/examples/__init__.py +28 -0
- omnibase_infra/plugins/examples/plugin_json_normalizer.py +271 -0
- omnibase_infra/plugins/examples/plugin_json_normalizer_error_handling.py +210 -0
- omnibase_infra/plugins/models/__init__.py +21 -0
- omnibase_infra/plugins/models/model_plugin_context.py +76 -0
- omnibase_infra/plugins/models/model_plugin_input_data.py +58 -0
- omnibase_infra/plugins/models/model_plugin_output_data.py +62 -0
- omnibase_infra/plugins/plugin_compute_base.py +449 -0
- omnibase_infra/projectors/__init__.py +30 -0
- omnibase_infra/projectors/contracts/__init__.py +63 -0
- omnibase_infra/projectors/contracts/registration_projector.yaml +370 -0
- omnibase_infra/projectors/projection_reader_registration.py +1559 -0
- omnibase_infra/projectors/snapshot_publisher_registration.py +1329 -0
- omnibase_infra/protocols/__init__.py +104 -0
- omnibase_infra/protocols/protocol_capability_projection.py +253 -0
- omnibase_infra/protocols/protocol_capability_query.py +251 -0
- omnibase_infra/protocols/protocol_container_aware.py +200 -0
- omnibase_infra/protocols/protocol_dispatch_engine.py +152 -0
- omnibase_infra/protocols/protocol_event_bus_like.py +127 -0
- omnibase_infra/protocols/protocol_event_projector.py +96 -0
- omnibase_infra/protocols/protocol_idempotency_store.py +142 -0
- omnibase_infra/protocols/protocol_message_dispatcher.py +247 -0
- omnibase_infra/protocols/protocol_message_type_registry.py +306 -0
- omnibase_infra/protocols/protocol_plugin_compute.py +368 -0
- omnibase_infra/protocols/protocol_projector_schema_validator.py +82 -0
- omnibase_infra/protocols/protocol_registry_metrics.py +215 -0
- omnibase_infra/protocols/protocol_snapshot_publisher.py +396 -0
- omnibase_infra/protocols/protocol_snapshot_store.py +567 -0
- omnibase_infra/runtime/__init__.py +445 -0
- omnibase_infra/runtime/binding_config_resolver.py +2771 -0
- omnibase_infra/runtime/binding_resolver.py +753 -0
- omnibase_infra/runtime/chain_aware_dispatch.py +467 -0
- omnibase_infra/runtime/constants_notification.py +75 -0
- omnibase_infra/runtime/constants_security.py +70 -0
- omnibase_infra/runtime/contract_handler_discovery.py +587 -0
- omnibase_infra/runtime/contract_loaders/__init__.py +51 -0
- omnibase_infra/runtime/contract_loaders/handler_routing_loader.py +464 -0
- omnibase_infra/runtime/contract_loaders/operation_bindings_loader.py +789 -0
- omnibase_infra/runtime/dispatch_context_enforcer.py +427 -0
- omnibase_infra/runtime/emit_daemon/__init__.py +97 -0
- omnibase_infra/runtime/emit_daemon/cli.py +844 -0
- omnibase_infra/runtime/emit_daemon/client.py +811 -0
- omnibase_infra/runtime/emit_daemon/config.py +535 -0
- omnibase_infra/runtime/emit_daemon/daemon.py +812 -0
- omnibase_infra/runtime/emit_daemon/event_registry.py +477 -0
- omnibase_infra/runtime/emit_daemon/model_daemon_request.py +139 -0
- omnibase_infra/runtime/emit_daemon/model_daemon_response.py +191 -0
- omnibase_infra/runtime/emit_daemon/queue.py +618 -0
- omnibase_infra/runtime/enums/__init__.py +18 -0
- omnibase_infra/runtime/enums/enum_config_ref_scheme.py +33 -0
- omnibase_infra/runtime/enums/enum_scheduler_status.py +170 -0
- omnibase_infra/runtime/envelope_validator.py +179 -0
- omnibase_infra/runtime/event_bus_subcontract_wiring.py +466 -0
- omnibase_infra/runtime/handler_bootstrap_source.py +507 -0
- omnibase_infra/runtime/handler_contract_config_loader.py +603 -0
- omnibase_infra/runtime/handler_contract_source.py +750 -0
- omnibase_infra/runtime/handler_identity.py +81 -0
- omnibase_infra/runtime/handler_plugin_loader.py +2046 -0
- omnibase_infra/runtime/handler_registry.py +329 -0
- omnibase_infra/runtime/handler_source_resolver.py +367 -0
- omnibase_infra/runtime/invocation_security_enforcer.py +427 -0
- omnibase_infra/runtime/kafka_contract_source.py +984 -0
- omnibase_infra/runtime/kernel.py +40 -0
- omnibase_infra/runtime/mixin_policy_validation.py +522 -0
- omnibase_infra/runtime/mixin_semver_cache.py +402 -0
- omnibase_infra/runtime/mixins/__init__.py +24 -0
- omnibase_infra/runtime/mixins/mixin_projector_notification_publishing.py +566 -0
- omnibase_infra/runtime/mixins/mixin_projector_sql_operations.py +778 -0
- omnibase_infra/runtime/models/__init__.py +229 -0
- omnibase_infra/runtime/models/model_batch_lifecycle_result.py +217 -0
- omnibase_infra/runtime/models/model_binding_config.py +168 -0
- omnibase_infra/runtime/models/model_binding_config_cache_stats.py +135 -0
- omnibase_infra/runtime/models/model_binding_config_resolver_config.py +329 -0
- omnibase_infra/runtime/models/model_cached_secret.py +138 -0
- omnibase_infra/runtime/models/model_compute_key.py +138 -0
- omnibase_infra/runtime/models/model_compute_registration.py +97 -0
- omnibase_infra/runtime/models/model_config_cache_entry.py +61 -0
- omnibase_infra/runtime/models/model_config_ref.py +331 -0
- omnibase_infra/runtime/models/model_config_ref_parse_result.py +125 -0
- omnibase_infra/runtime/models/model_contract_load_result.py +224 -0
- omnibase_infra/runtime/models/model_domain_plugin_config.py +92 -0
- omnibase_infra/runtime/models/model_domain_plugin_result.py +270 -0
- omnibase_infra/runtime/models/model_duplicate_response.py +54 -0
- omnibase_infra/runtime/models/model_enabled_protocols_config.py +61 -0
- omnibase_infra/runtime/models/model_event_bus_config.py +54 -0
- omnibase_infra/runtime/models/model_failed_component.py +55 -0
- omnibase_infra/runtime/models/model_health_check_response.py +168 -0
- omnibase_infra/runtime/models/model_health_check_result.py +229 -0
- omnibase_infra/runtime/models/model_lifecycle_result.py +245 -0
- omnibase_infra/runtime/models/model_logging_config.py +42 -0
- omnibase_infra/runtime/models/model_optional_correlation_id.py +167 -0
- omnibase_infra/runtime/models/model_optional_string.py +94 -0
- omnibase_infra/runtime/models/model_optional_uuid.py +110 -0
- omnibase_infra/runtime/models/model_policy_context.py +100 -0
- omnibase_infra/runtime/models/model_policy_key.py +138 -0
- omnibase_infra/runtime/models/model_policy_registration.py +139 -0
- omnibase_infra/runtime/models/model_policy_result.py +103 -0
- omnibase_infra/runtime/models/model_policy_type_filter.py +157 -0
- omnibase_infra/runtime/models/model_projector_notification_config.py +171 -0
- omnibase_infra/runtime/models/model_projector_plugin_loader_config.py +47 -0
- omnibase_infra/runtime/models/model_protocol_registration_config.py +65 -0
- omnibase_infra/runtime/models/model_retry_policy.py +105 -0
- omnibase_infra/runtime/models/model_runtime_config.py +150 -0
- omnibase_infra/runtime/models/model_runtime_contract_config.py +268 -0
- omnibase_infra/runtime/models/model_runtime_scheduler_config.py +625 -0
- omnibase_infra/runtime/models/model_runtime_scheduler_metrics.py +233 -0
- omnibase_infra/runtime/models/model_runtime_tick.py +193 -0
- omnibase_infra/runtime/models/model_secret_cache_stats.py +82 -0
- omnibase_infra/runtime/models/model_secret_mapping.py +63 -0
- omnibase_infra/runtime/models/model_secret_resolver_config.py +107 -0
- omnibase_infra/runtime/models/model_secret_resolver_metrics.py +111 -0
- omnibase_infra/runtime/models/model_secret_source_info.py +72 -0
- omnibase_infra/runtime/models/model_secret_source_spec.py +66 -0
- omnibase_infra/runtime/models/model_security_config.py +109 -0
- omnibase_infra/runtime/models/model_shutdown_batch_result.py +75 -0
- omnibase_infra/runtime/models/model_shutdown_config.py +94 -0
- omnibase_infra/runtime/models/model_transition_notification_outbox_config.py +112 -0
- omnibase_infra/runtime/models/model_transition_notification_outbox_metrics.py +140 -0
- omnibase_infra/runtime/models/model_transition_notification_publisher_metrics.py +357 -0
- omnibase_infra/runtime/projector_plugin_loader.py +1462 -0
- omnibase_infra/runtime/projector_schema_manager.py +565 -0
- omnibase_infra/runtime/projector_shell.py +1330 -0
- omnibase_infra/runtime/protocol_contract_descriptor.py +92 -0
- omnibase_infra/runtime/protocol_contract_source.py +92 -0
- omnibase_infra/runtime/protocol_domain_plugin.py +474 -0
- omnibase_infra/runtime/protocol_handler_discovery.py +221 -0
- omnibase_infra/runtime/protocol_handler_plugin_loader.py +327 -0
- omnibase_infra/runtime/protocol_lifecycle_executor.py +435 -0
- omnibase_infra/runtime/protocol_policy.py +366 -0
- omnibase_infra/runtime/protocols/__init__.py +37 -0
- omnibase_infra/runtime/protocols/protocol_runtime_scheduler.py +468 -0
- omnibase_infra/runtime/publisher_topic_scoped.py +294 -0
- omnibase_infra/runtime/registry/__init__.py +93 -0
- omnibase_infra/runtime/registry/mixin_message_type_query.py +326 -0
- omnibase_infra/runtime/registry/mixin_message_type_registration.py +354 -0
- omnibase_infra/runtime/registry/registry_event_bus_binding.py +268 -0
- omnibase_infra/runtime/registry/registry_message_type.py +542 -0
- omnibase_infra/runtime/registry/registry_protocol_binding.py +445 -0
- omnibase_infra/runtime/registry_compute.py +1143 -0
- omnibase_infra/runtime/registry_contract_source.py +693 -0
- omnibase_infra/runtime/registry_dispatcher.py +678 -0
- omnibase_infra/runtime/registry_policy.py +1185 -0
- omnibase_infra/runtime/runtime_contract_config_loader.py +406 -0
- omnibase_infra/runtime/runtime_scheduler.py +1070 -0
- omnibase_infra/runtime/secret_resolver.py +2112 -0
- omnibase_infra/runtime/security_metadata_validator.py +776 -0
- omnibase_infra/runtime/service_kernel.py +1651 -0
- omnibase_infra/runtime/service_message_dispatch_engine.py +2350 -0
- omnibase_infra/runtime/service_runtime_host_process.py +3493 -0
- omnibase_infra/runtime/transition_notification_outbox.py +1190 -0
- omnibase_infra/runtime/transition_notification_publisher.py +765 -0
- omnibase_infra/runtime/util_container_wiring.py +1124 -0
- omnibase_infra/runtime/util_validation.py +314 -0
- omnibase_infra/runtime/util_version.py +98 -0
- omnibase_infra/runtime/util_wiring.py +723 -0
- omnibase_infra/schemas/schema_registration_projection.sql +320 -0
- omnibase_infra/schemas/schema_transition_notification_outbox.sql +245 -0
- omnibase_infra/services/__init__.py +89 -0
- omnibase_infra/services/corpus_capture.py +684 -0
- omnibase_infra/services/mcp/__init__.py +31 -0
- omnibase_infra/services/mcp/mcp_server_lifecycle.py +449 -0
- omnibase_infra/services/mcp/service_mcp_tool_discovery.py +411 -0
- omnibase_infra/services/mcp/service_mcp_tool_registry.py +329 -0
- omnibase_infra/services/mcp/service_mcp_tool_sync.py +565 -0
- omnibase_infra/services/registry_api/__init__.py +40 -0
- omnibase_infra/services/registry_api/main.py +261 -0
- omnibase_infra/services/registry_api/models/__init__.py +66 -0
- omnibase_infra/services/registry_api/models/model_capability_widget_mapping.py +38 -0
- omnibase_infra/services/registry_api/models/model_pagination_info.py +48 -0
- omnibase_infra/services/registry_api/models/model_registry_discovery_response.py +73 -0
- omnibase_infra/services/registry_api/models/model_registry_health_response.py +49 -0
- omnibase_infra/services/registry_api/models/model_registry_instance_view.py +88 -0
- omnibase_infra/services/registry_api/models/model_registry_node_view.py +88 -0
- omnibase_infra/services/registry_api/models/model_registry_summary.py +60 -0
- omnibase_infra/services/registry_api/models/model_response_list_instances.py +43 -0
- omnibase_infra/services/registry_api/models/model_response_list_nodes.py +51 -0
- omnibase_infra/services/registry_api/models/model_warning.py +49 -0
- omnibase_infra/services/registry_api/models/model_widget_defaults.py +28 -0
- omnibase_infra/services/registry_api/models/model_widget_mapping.py +51 -0
- omnibase_infra/services/registry_api/routes.py +371 -0
- omnibase_infra/services/registry_api/service.py +837 -0
- omnibase_infra/services/service_capability_query.py +945 -0
- omnibase_infra/services/service_health.py +898 -0
- omnibase_infra/services/service_node_selector.py +530 -0
- omnibase_infra/services/service_timeout_emitter.py +699 -0
- omnibase_infra/services/service_timeout_scanner.py +394 -0
- omnibase_infra/services/session/__init__.py +56 -0
- omnibase_infra/services/session/config_consumer.py +137 -0
- omnibase_infra/services/session/config_store.py +139 -0
- omnibase_infra/services/session/consumer.py +1007 -0
- omnibase_infra/services/session/protocol_session_aggregator.py +117 -0
- omnibase_infra/services/session/store.py +997 -0
- omnibase_infra/services/snapshot/__init__.py +31 -0
- omnibase_infra/services/snapshot/service_snapshot.py +647 -0
- omnibase_infra/services/snapshot/store_inmemory.py +637 -0
- omnibase_infra/services/snapshot/store_postgres.py +1279 -0
- omnibase_infra/shared/__init__.py +8 -0
- omnibase_infra/testing/__init__.py +10 -0
- omnibase_infra/testing/utils.py +23 -0
- omnibase_infra/topics/__init__.py +45 -0
- omnibase_infra/topics/platform_topic_suffixes.py +140 -0
- omnibase_infra/topics/util_topic_composition.py +95 -0
- omnibase_infra/types/__init__.py +48 -0
- omnibase_infra/types/type_cache_info.py +49 -0
- omnibase_infra/types/type_dsn.py +173 -0
- omnibase_infra/types/type_infra_aliases.py +60 -0
- omnibase_infra/types/typed_dict/__init__.py +29 -0
- omnibase_infra/types/typed_dict/typed_dict_envelope_build_params.py +115 -0
- omnibase_infra/types/typed_dict/typed_dict_introspection_cache.py +128 -0
- omnibase_infra/types/typed_dict/typed_dict_performance_metrics_cache.py +140 -0
- omnibase_infra/types/typed_dict_capabilities.py +64 -0
- omnibase_infra/utils/__init__.py +117 -0
- omnibase_infra/utils/correlation.py +208 -0
- omnibase_infra/utils/util_atomic_file.py +261 -0
- omnibase_infra/utils/util_consumer_group.py +232 -0
- omnibase_infra/utils/util_datetime.py +372 -0
- omnibase_infra/utils/util_db_transaction.py +239 -0
- omnibase_infra/utils/util_dsn_validation.py +333 -0
- omnibase_infra/utils/util_env_parsing.py +264 -0
- omnibase_infra/utils/util_error_sanitization.py +457 -0
- omnibase_infra/utils/util_pydantic_validators.py +477 -0
- omnibase_infra/utils/util_retry_optimistic.py +281 -0
- omnibase_infra/utils/util_semver.py +233 -0
- omnibase_infra/validation/__init__.py +307 -0
- omnibase_infra/validation/contracts/security.validation.yaml +114 -0
- omnibase_infra/validation/enums/__init__.py +11 -0
- omnibase_infra/validation/enums/enum_contract_violation_severity.py +13 -0
- omnibase_infra/validation/infra_validators.py +1514 -0
- omnibase_infra/validation/linter_contract.py +907 -0
- omnibase_infra/validation/mixin_any_type_classification.py +120 -0
- omnibase_infra/validation/mixin_any_type_exemption.py +580 -0
- omnibase_infra/validation/mixin_any_type_reporting.py +106 -0
- omnibase_infra/validation/mixin_execution_shape_violation_checks.py +596 -0
- omnibase_infra/validation/mixin_node_archetype_detection.py +254 -0
- omnibase_infra/validation/models/__init__.py +15 -0
- omnibase_infra/validation/models/model_contract_lint_result.py +101 -0
- omnibase_infra/validation/models/model_contract_violation.py +41 -0
- omnibase_infra/validation/service_validation_aggregator.py +395 -0
- omnibase_infra/validation/validation_exemptions.yaml +2033 -0
- omnibase_infra/validation/validator_any_type.py +715 -0
- omnibase_infra/validation/validator_chain_propagation.py +839 -0
- omnibase_infra/validation/validator_execution_shape.py +465 -0
- omnibase_infra/validation/validator_localhandler.py +261 -0
- omnibase_infra/validation/validator_registration_security.py +410 -0
- omnibase_infra/validation/validator_routing_coverage.py +1020 -0
- omnibase_infra/validation/validator_runtime_shape.py +915 -0
- omnibase_infra/validation/validator_security.py +513 -0
- omnibase_infra/validation/validator_topic_category.py +1152 -0
- omnibase_infra-0.2.6.dist-info/METADATA +197 -0
- omnibase_infra-0.2.6.dist-info/RECORD +833 -0
- omnibase_infra-0.2.6.dist-info/WHEEL +4 -0
- omnibase_infra-0.2.6.dist-info/entry_points.txt +5 -0
- omnibase_infra-0.2.6.dist-info/licenses/LICENSE +21 -0
|
@@ -0,0 +1,216 @@
|
|
|
1
|
+
"""
|
|
2
|
+
ONEX Infrastructure CLI Commands.
|
|
3
|
+
|
|
4
|
+
Provides CLI interface for infrastructure management and validation.
|
|
5
|
+
"""
|
|
6
|
+
|
|
7
|
+
import click
|
|
8
|
+
from rich.console import Console
|
|
9
|
+
from rich.table import Table
|
|
10
|
+
|
|
11
|
+
console = Console()
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
@click.group()
|
|
15
|
+
def cli() -> None:
|
|
16
|
+
"""ONEX Infrastructure CLI."""
|
|
17
|
+
|
|
18
|
+
|
|
19
|
+
@cli.group()
|
|
20
|
+
def validate() -> None:
|
|
21
|
+
"""Validation commands for infrastructure code."""
|
|
22
|
+
|
|
23
|
+
|
|
24
|
+
@validate.command("architecture")
|
|
25
|
+
@click.argument("directory", default="src/omnibase_infra/")
|
|
26
|
+
@click.option(
|
|
27
|
+
"--max-violations",
|
|
28
|
+
default=None,
|
|
29
|
+
help="Maximum allowed violations (default: INFRA_MAX_VIOLATIONS)",
|
|
30
|
+
)
|
|
31
|
+
def validate_architecture_cmd(directory: str, max_violations: int | None) -> None:
|
|
32
|
+
"""Validate architecture (one-model-per-file)."""
|
|
33
|
+
from omnibase_infra.validation.infra_validators import (
|
|
34
|
+
INFRA_MAX_VIOLATIONS,
|
|
35
|
+
validate_infra_architecture,
|
|
36
|
+
)
|
|
37
|
+
|
|
38
|
+
console.print(f"[bold blue]Validating architecture in {directory}...[/bold blue]")
|
|
39
|
+
# Use INFRA_MAX_VIOLATIONS constant if no override provided
|
|
40
|
+
effective_max_violations = (
|
|
41
|
+
max_violations if max_violations is not None else INFRA_MAX_VIOLATIONS
|
|
42
|
+
)
|
|
43
|
+
result = validate_infra_architecture(directory, effective_max_violations)
|
|
44
|
+
_print_result("Architecture", result)
|
|
45
|
+
raise SystemExit(0 if result.is_valid else 1)
|
|
46
|
+
|
|
47
|
+
|
|
48
|
+
@validate.command("contracts")
|
|
49
|
+
@click.argument("directory", default="src/omnibase_infra/nodes/")
|
|
50
|
+
def validate_contracts_cmd(directory: str) -> None:
|
|
51
|
+
"""Validate YAML contracts."""
|
|
52
|
+
from omnibase_infra.validation.infra_validators import validate_infra_contracts
|
|
53
|
+
|
|
54
|
+
console.print(f"[bold blue]Validating contracts in {directory}...[/bold blue]")
|
|
55
|
+
result = validate_infra_contracts(directory)
|
|
56
|
+
_print_result("Contracts", result)
|
|
57
|
+
raise SystemExit(0 if result.is_valid else 1)
|
|
58
|
+
|
|
59
|
+
|
|
60
|
+
@validate.command("patterns")
|
|
61
|
+
@click.argument("directory", default="src/omnibase_infra/")
|
|
62
|
+
@click.option(
|
|
63
|
+
"--strict/--no-strict",
|
|
64
|
+
default=None,
|
|
65
|
+
help="Enable strict mode (default: INFRA_PATTERNS_STRICT)",
|
|
66
|
+
)
|
|
67
|
+
def validate_patterns_cmd(directory: str, strict: bool | None) -> None:
|
|
68
|
+
"""Validate code patterns and naming conventions."""
|
|
69
|
+
from omnibase_infra.validation.infra_validators import (
|
|
70
|
+
INFRA_PATTERNS_STRICT,
|
|
71
|
+
validate_infra_patterns,
|
|
72
|
+
)
|
|
73
|
+
|
|
74
|
+
console.print(f"[bold blue]Validating patterns in {directory}...[/bold blue]")
|
|
75
|
+
# Use INFRA_PATTERNS_STRICT constant if no override provided
|
|
76
|
+
effective_strict = strict if strict is not None else INFRA_PATTERNS_STRICT
|
|
77
|
+
result = validate_infra_patterns(directory, effective_strict)
|
|
78
|
+
_print_result("Patterns", result)
|
|
79
|
+
raise SystemExit(0 if result.is_valid else 1)
|
|
80
|
+
|
|
81
|
+
|
|
82
|
+
@validate.command("unions")
|
|
83
|
+
@click.argument("directory", default="src/omnibase_infra/")
|
|
84
|
+
@click.option(
|
|
85
|
+
"--max-unions",
|
|
86
|
+
default=None,
|
|
87
|
+
help="Maximum allowed union count (default: INFRA_MAX_UNIONS)",
|
|
88
|
+
)
|
|
89
|
+
@click.option(
|
|
90
|
+
"--strict/--no-strict",
|
|
91
|
+
default=None,
|
|
92
|
+
help="Enable strict mode (default: INFRA_UNIONS_STRICT)",
|
|
93
|
+
)
|
|
94
|
+
def validate_unions_cmd(
|
|
95
|
+
directory: str, max_unions: int | None, strict: bool | None
|
|
96
|
+
) -> None:
|
|
97
|
+
"""Validate Union type usage.
|
|
98
|
+
|
|
99
|
+
Counts total unions in the codebase.
|
|
100
|
+
Valid `X | None` patterns are counted but not flagged as violations.
|
|
101
|
+
"""
|
|
102
|
+
from omnibase_infra.validation.infra_validators import (
|
|
103
|
+
INFRA_MAX_UNIONS,
|
|
104
|
+
INFRA_UNIONS_STRICT,
|
|
105
|
+
validate_infra_union_usage,
|
|
106
|
+
)
|
|
107
|
+
|
|
108
|
+
console.print(f"[bold blue]Validating union usage in {directory}...[/bold blue]")
|
|
109
|
+
# Use constants if no override provided
|
|
110
|
+
effective_max_unions = max_unions if max_unions is not None else INFRA_MAX_UNIONS
|
|
111
|
+
effective_strict = strict if strict is not None else INFRA_UNIONS_STRICT
|
|
112
|
+
result = validate_infra_union_usage(
|
|
113
|
+
directory, effective_max_unions, effective_strict
|
|
114
|
+
)
|
|
115
|
+
_print_result("Union Usage", result)
|
|
116
|
+
raise SystemExit(0 if result.is_valid else 1)
|
|
117
|
+
|
|
118
|
+
|
|
119
|
+
@validate.command("imports")
|
|
120
|
+
@click.argument("directory", default="src/omnibase_infra/")
|
|
121
|
+
def validate_imports_cmd(directory: str) -> None:
|
|
122
|
+
"""Check for circular imports."""
|
|
123
|
+
from omnibase_infra.validation.infra_validators import (
|
|
124
|
+
validate_infra_circular_imports,
|
|
125
|
+
)
|
|
126
|
+
|
|
127
|
+
console.print(f"[bold blue]Checking circular imports in {directory}...[/bold blue]")
|
|
128
|
+
result = validate_infra_circular_imports(directory)
|
|
129
|
+
|
|
130
|
+
# ModelImportValidationResult uses has_circular_imports property (plural)
|
|
131
|
+
if not result.has_circular_imports:
|
|
132
|
+
console.print("[bold green]Circular Imports: PASS[/bold green]")
|
|
133
|
+
raise SystemExit(0)
|
|
134
|
+
console.print("[bold red]Circular Imports: FAIL[/bold red]")
|
|
135
|
+
if hasattr(result, "cycles") and result.cycles:
|
|
136
|
+
for cycle in result.cycles:
|
|
137
|
+
console.print(f" [red]Cycle: {cycle}[/red]")
|
|
138
|
+
if hasattr(result, "errors") and result.errors:
|
|
139
|
+
for error in result.errors:
|
|
140
|
+
console.print(f" [red]{error}[/red]")
|
|
141
|
+
raise SystemExit(1)
|
|
142
|
+
|
|
143
|
+
|
|
144
|
+
@validate.command("all")
|
|
145
|
+
@click.argument("directory", default="src/omnibase_infra/")
|
|
146
|
+
@click.option(
|
|
147
|
+
"--nodes-dir", default="src/omnibase_infra/nodes/", help="Nodes directory"
|
|
148
|
+
)
|
|
149
|
+
def validate_all_cmd(directory: str, nodes_dir: str) -> None:
|
|
150
|
+
"""Run all validations."""
|
|
151
|
+
from omnibase_infra.validation.infra_validators import (
|
|
152
|
+
get_validation_summary,
|
|
153
|
+
validate_infra_all,
|
|
154
|
+
)
|
|
155
|
+
|
|
156
|
+
console.print(f"[bold blue]Running all validations on {directory}...[/bold blue]\n")
|
|
157
|
+
results = validate_infra_all(directory, nodes_dir)
|
|
158
|
+
summary = get_validation_summary(results)
|
|
159
|
+
|
|
160
|
+
# Create summary table
|
|
161
|
+
table = Table(title="Validation Results")
|
|
162
|
+
table.add_column("Validator", style="cyan")
|
|
163
|
+
table.add_column("Status", style="bold")
|
|
164
|
+
table.add_column("Errors", style="red")
|
|
165
|
+
|
|
166
|
+
for name, result in results.items():
|
|
167
|
+
is_valid = _is_result_valid(result)
|
|
168
|
+
error_count = _get_error_count(result)
|
|
169
|
+
status = "[green]PASS[/green]" if is_valid else "[red]FAIL[/red]"
|
|
170
|
+
table.add_row(name.replace("_", " ").title(), status, str(error_count))
|
|
171
|
+
|
|
172
|
+
console.print(table)
|
|
173
|
+
|
|
174
|
+
# Print summary
|
|
175
|
+
passed = summary.get("passed", 0)
|
|
176
|
+
total = summary.get("total_validators", 0)
|
|
177
|
+
console.print(f"\n[bold]Summary: {passed}/{total} passed[/bold]")
|
|
178
|
+
|
|
179
|
+
all_valid = summary.get("failed", 0) == 0
|
|
180
|
+
raise SystemExit(0 if all_valid else 1)
|
|
181
|
+
|
|
182
|
+
|
|
183
|
+
def _is_result_valid(result: object) -> bool:
|
|
184
|
+
"""Check if a validation result is valid."""
|
|
185
|
+
if hasattr(result, "has_circular_imports"):
|
|
186
|
+
return not bool(result.has_circular_imports)
|
|
187
|
+
if hasattr(result, "is_valid"):
|
|
188
|
+
return bool(result.is_valid)
|
|
189
|
+
return False
|
|
190
|
+
|
|
191
|
+
|
|
192
|
+
def _get_error_count(result: object) -> int:
|
|
193
|
+
"""Get the error count from a validation result."""
|
|
194
|
+
if hasattr(result, "has_circular_imports"):
|
|
195
|
+
if hasattr(result, "cycles"):
|
|
196
|
+
return len(result.cycles)
|
|
197
|
+
return 1 if result.has_circular_imports else 0
|
|
198
|
+
if hasattr(result, "errors"):
|
|
199
|
+
return len(result.errors)
|
|
200
|
+
return 0
|
|
201
|
+
|
|
202
|
+
|
|
203
|
+
def _print_result(name: str, result: object) -> None:
|
|
204
|
+
"""Print validation result with rich formatting."""
|
|
205
|
+
if hasattr(result, "is_valid"):
|
|
206
|
+
if result.is_valid:
|
|
207
|
+
console.print(f"[bold green]{name}: PASS[/bold green]")
|
|
208
|
+
else:
|
|
209
|
+
console.print(f"[bold red]{name}: FAIL[/bold red]")
|
|
210
|
+
if hasattr(result, "errors") and result.errors:
|
|
211
|
+
for error in result.errors:
|
|
212
|
+
console.print(f" [red]{error}[/red]")
|
|
213
|
+
|
|
214
|
+
|
|
215
|
+
if __name__ == "__main__":
|
|
216
|
+
cli()
|
|
File without changes
|
|
@@ -0,0 +1,176 @@
|
|
|
1
|
+
# SPDX-License-Identifier: MIT
|
|
2
|
+
# Copyright (c) 2025 OmniNode Team
|
|
3
|
+
#
|
|
4
|
+
# Widget Mapping Configuration for ONEX Registry Dashboard
|
|
5
|
+
#
|
|
6
|
+
# This file defines the mapping from node capabilities and semantic roles
|
|
7
|
+
# to dashboard widget types. Used by the Registry API to inform dashboards
|
|
8
|
+
# which widget to render for each node.
|
|
9
|
+
#
|
|
10
|
+
# Related Tickets:
|
|
11
|
+
# - OMN-1278: Contract-Driven Dashboard - Registry Discovery
|
|
12
|
+
#
|
|
13
|
+
# Widget Types:
|
|
14
|
+
# - status_indicator: Shows health/state with colored indicator
|
|
15
|
+
# - event_feed: Scrolling list of recent events
|
|
16
|
+
# - metric_card: Single metric with value and optional trend
|
|
17
|
+
# - info_card: General information display
|
|
18
|
+
# - status_grid: Grid of status indicators
|
|
19
|
+
# - timeline: Time-based visualization
|
|
20
|
+
# - gauge: Circular progress/threshold indicator
|
|
21
|
+
# - table: Tabular data display
|
|
22
|
+
#
|
|
23
|
+
# Configuration Sections:
|
|
24
|
+
# - version: Schema version for compatibility checking
|
|
25
|
+
# - capability_mappings: Maps capability tags to widget configs
|
|
26
|
+
# - semantic_mappings: Maps semantic roles to widget configs
|
|
27
|
+
# - fallback: Default config when no mapping matches
|
|
28
|
+
version: "1.0.0"
|
|
29
|
+
# Capability Mappings
|
|
30
|
+
# Map specific capability tags to widget configurations.
|
|
31
|
+
# These take precedence over semantic mappings.
|
|
32
|
+
capability_mappings:
|
|
33
|
+
# Health and monitoring capabilities
|
|
34
|
+
health.check:
|
|
35
|
+
widget_type: status_indicator
|
|
36
|
+
defaults:
|
|
37
|
+
show_timestamp: true
|
|
38
|
+
refresh_interval_seconds: 10
|
|
39
|
+
health.heartbeat:
|
|
40
|
+
widget_type: status_indicator
|
|
41
|
+
defaults:
|
|
42
|
+
show_timestamp: true
|
|
43
|
+
show_last_seen: true
|
|
44
|
+
# Event-related capabilities
|
|
45
|
+
event.emit:
|
|
46
|
+
widget_type: event_feed
|
|
47
|
+
defaults:
|
|
48
|
+
max_items: 50
|
|
49
|
+
show_timestamp: true
|
|
50
|
+
auto_scroll: true
|
|
51
|
+
event.consume:
|
|
52
|
+
widget_type: event_feed
|
|
53
|
+
defaults:
|
|
54
|
+
max_items: 50
|
|
55
|
+
show_source: true
|
|
56
|
+
event.transform:
|
|
57
|
+
widget_type: timeline
|
|
58
|
+
defaults:
|
|
59
|
+
show_duration: true
|
|
60
|
+
# Kafka/messaging capabilities
|
|
61
|
+
kafka.consumer:
|
|
62
|
+
widget_type: metric_card
|
|
63
|
+
defaults:
|
|
64
|
+
refresh_interval_seconds: 5
|
|
65
|
+
show_lag: true
|
|
66
|
+
kafka.producer:
|
|
67
|
+
widget_type: metric_card
|
|
68
|
+
defaults:
|
|
69
|
+
refresh_interval_seconds: 5
|
|
70
|
+
show_throughput: true
|
|
71
|
+
kafka.stream:
|
|
72
|
+
widget_type: timeline
|
|
73
|
+
defaults:
|
|
74
|
+
show_offset: true
|
|
75
|
+
# Database capabilities
|
|
76
|
+
postgres.storage:
|
|
77
|
+
widget_type: metric_card
|
|
78
|
+
defaults:
|
|
79
|
+
show_connection_count: true
|
|
80
|
+
refresh_interval_seconds: 10
|
|
81
|
+
postgres.query:
|
|
82
|
+
widget_type: table
|
|
83
|
+
defaults:
|
|
84
|
+
show_query_time: true
|
|
85
|
+
# Service discovery
|
|
86
|
+
consul.register:
|
|
87
|
+
widget_type: status_indicator
|
|
88
|
+
defaults:
|
|
89
|
+
show_service_id: true
|
|
90
|
+
consul.discover:
|
|
91
|
+
widget_type: status_grid
|
|
92
|
+
defaults:
|
|
93
|
+
show_health: true
|
|
94
|
+
group_by: service_name
|
|
95
|
+
# Workflow capabilities
|
|
96
|
+
workflow.orchestrate:
|
|
97
|
+
widget_type: timeline
|
|
98
|
+
defaults:
|
|
99
|
+
show_steps: true
|
|
100
|
+
show_duration: true
|
|
101
|
+
workflow.reduce:
|
|
102
|
+
widget_type: gauge
|
|
103
|
+
defaults:
|
|
104
|
+
show_progress: true
|
|
105
|
+
# Compute capabilities
|
|
106
|
+
compute.transform:
|
|
107
|
+
widget_type: metric_card
|
|
108
|
+
defaults:
|
|
109
|
+
show_throughput: true
|
|
110
|
+
show_latency: true
|
|
111
|
+
compute.validate:
|
|
112
|
+
widget_type: status_indicator
|
|
113
|
+
defaults:
|
|
114
|
+
show_pass_rate: true
|
|
115
|
+
# Effect capabilities
|
|
116
|
+
effect.http:
|
|
117
|
+
widget_type: metric_card
|
|
118
|
+
defaults:
|
|
119
|
+
show_latency: true
|
|
120
|
+
show_error_rate: true
|
|
121
|
+
effect.grpc:
|
|
122
|
+
widget_type: metric_card
|
|
123
|
+
defaults:
|
|
124
|
+
show_latency: true
|
|
125
|
+
show_error_rate: true
|
|
126
|
+
# Semantic Mappings
|
|
127
|
+
# Map semantic roles/contexts to widget configurations.
|
|
128
|
+
# Used when capability_mappings don't match.
|
|
129
|
+
semantic_mappings:
|
|
130
|
+
# Node overview in dashboard
|
|
131
|
+
node_overview:
|
|
132
|
+
widget_type: info_card
|
|
133
|
+
defaults:
|
|
134
|
+
show_version: true
|
|
135
|
+
show_capabilities: true
|
|
136
|
+
show_state: true
|
|
137
|
+
# Instance health grid
|
|
138
|
+
instance_health:
|
|
139
|
+
widget_type: status_grid
|
|
140
|
+
defaults:
|
|
141
|
+
group_by: service_name
|
|
142
|
+
show_address: true
|
|
143
|
+
show_port: true
|
|
144
|
+
# Registration timeline
|
|
145
|
+
registration_timeline:
|
|
146
|
+
widget_type: timeline
|
|
147
|
+
defaults:
|
|
148
|
+
show_state_transitions: true
|
|
149
|
+
show_timestamps: true
|
|
150
|
+
# Capability matrix
|
|
151
|
+
capability_matrix:
|
|
152
|
+
widget_type: table
|
|
153
|
+
defaults:
|
|
154
|
+
group_by: node_type
|
|
155
|
+
show_capability_tags: true
|
|
156
|
+
# Summary statistics
|
|
157
|
+
summary_stats:
|
|
158
|
+
widget_type: metric_card
|
|
159
|
+
defaults:
|
|
160
|
+
show_trend: true
|
|
161
|
+
compare_to_previous: true
|
|
162
|
+
# Error monitoring
|
|
163
|
+
error_monitoring:
|
|
164
|
+
widget_type: event_feed
|
|
165
|
+
defaults:
|
|
166
|
+
filter_level: error
|
|
167
|
+
max_items: 100
|
|
168
|
+
highlight_critical: true
|
|
169
|
+
# Fallback Configuration
|
|
170
|
+
# Used when no capability or semantic mapping matches.
|
|
171
|
+
fallback:
|
|
172
|
+
widget_type: info_card
|
|
173
|
+
defaults:
|
|
174
|
+
show_name: true
|
|
175
|
+
show_state: true
|
|
176
|
+
show_type: true
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# SPDX-License-Identifier: MIT
|
|
2
|
+
# Copyright (c) 2025 OmniNode Team
|
|
3
|
+
"""Topic pattern constants for event bus topic validation.
|
|
4
|
+
|
|
5
|
+
This module provides shared regex patterns for validating event bus topic names.
|
|
6
|
+
These patterns are used across multiple modules (e.g., MixinConsulTopicIndex,
|
|
7
|
+
MixinNodeIntrospection) to ensure consistent topic validation.
|
|
8
|
+
|
|
9
|
+
Note:
|
|
10
|
+
This module is intentionally dependency-free (no imports from omnibase_infra)
|
|
11
|
+
to avoid circular import issues. Keep it that way.
|
|
12
|
+
"""
|
|
13
|
+
|
|
14
|
+
from __future__ import annotations
|
|
15
|
+
|
|
16
|
+
import re
|
|
17
|
+
from typing import Final
|
|
18
|
+
|
|
19
|
+
# Topic name pattern: alphanumeric, underscores, hyphens, and periods only.
|
|
20
|
+
# This matches Kafka/Redpanda topic naming conventions and ensures safe
|
|
21
|
+
# interpolation into Consul KV paths (prevents path traversal via slashes).
|
|
22
|
+
# Pattern: ^[a-zA-Z0-9._-]+$
|
|
23
|
+
TOPIC_NAME_PATTERN: Final[re.Pattern[str]] = re.compile(r"^[a-zA-Z0-9._-]+$")
|
|
24
|
+
|
|
25
|
+
|
|
26
|
+
__all__: list[str] = ["TOPIC_NAME_PATTERN"]
|
|
@@ -0,0 +1,264 @@
|
|
|
1
|
+
# Handler ID follows convention: {node_type}.{domain}.handler
|
|
2
|
+
handler_id: effect.filesystem.handler
|
|
3
|
+
name: FileSystem Handler
|
|
4
|
+
contract_version:
|
|
5
|
+
major: 1
|
|
6
|
+
minor: 0
|
|
7
|
+
patch: 0
|
|
8
|
+
description: >
|
|
9
|
+
Effect handler for filesystem operations including read, write, list, delete, and directory management.
|
|
10
|
+
|
|
11
|
+
descriptor:
|
|
12
|
+
node_archetype: effect
|
|
13
|
+
purity: side_effecting
|
|
14
|
+
# Idempotent: false because write operations may append (non-idempotent).
|
|
15
|
+
# Individual operations (write w/ overwrite, mkdir w/ exist_ok) can be
|
|
16
|
+
# idempotent, but the handler as a whole supports non-idempotent semantics.
|
|
17
|
+
idempotent: false
|
|
18
|
+
# TIMEOUT CONFIGURATION (30 seconds)
|
|
19
|
+
# ---------------------------------
|
|
20
|
+
# While typical local filesystem I/O completes in milliseconds, 30 seconds
|
|
21
|
+
# accommodates these legitimate scenarios:
|
|
22
|
+
#
|
|
23
|
+
# 1. Network-mounted filesystems (NFS, CIFS, SSHFS) with latency up to seconds
|
|
24
|
+
# 2. Large file operations: max_file_size_bytes (10MB) on slow storage
|
|
25
|
+
# 3. Container volume mounts with additional abstraction overhead
|
|
26
|
+
# 4. High disk I/O contention in shared infrastructure environments
|
|
27
|
+
# 5. Spinning disk storage (HDDs) vs SSDs in mixed deployments
|
|
28
|
+
#
|
|
29
|
+
# OVERRIDE GUIDANCE:
|
|
30
|
+
# - Reduce to 5000ms for latency-sensitive, local-only deployments
|
|
31
|
+
# - Increase to 60000ms for known slow NAS/SAN storage
|
|
32
|
+
# - Consider per-operation timeouts in handler implementation for fine-grained control
|
|
33
|
+
#
|
|
34
|
+
# CIRCUIT BREAKER RELATIONSHIP:
|
|
35
|
+
# Circuit breaker timeout (60000ms) is intentionally 2x handler timeout to ensure:
|
|
36
|
+
# - Individual operations timeout before circuit evaluation
|
|
37
|
+
# - Circuit tracks failure patterns, not just slow operations
|
|
38
|
+
# - Proper failure sequence: timeout → retry exhaustion → circuit threshold
|
|
39
|
+
timeout_ms: 30000
|
|
40
|
+
retry_policy:
|
|
41
|
+
enabled: true
|
|
42
|
+
max_retries: 3
|
|
43
|
+
backoff_strategy: exponential
|
|
44
|
+
base_delay_ms: 500
|
|
45
|
+
max_delay_ms: 10000
|
|
46
|
+
circuit_breaker:
|
|
47
|
+
enabled: true
|
|
48
|
+
failure_threshold: 5
|
|
49
|
+
# Reset timeout: 60s = 2x handler timeout_ms (30s). This ensures the circuit
|
|
50
|
+
# stays open long enough for transient issues to resolve while allowing
|
|
51
|
+
# recovery attempts. See timeout_ms comment above for relationship details.
|
|
52
|
+
timeout_ms: 60000
|
|
53
|
+
# Serialized: Prevents race conditions for write operations to same file.
|
|
54
|
+
# Read-only operations could use concurrent policy, but handler scope
|
|
55
|
+
# includes writes so we use serialized for safety.
|
|
56
|
+
concurrency_policy: serialized
|
|
57
|
+
isolation_policy: none
|
|
58
|
+
observability_level: standard
|
|
59
|
+
capability_outputs:
|
|
60
|
+
- filesystem.read
|
|
61
|
+
- filesystem.write
|
|
62
|
+
- filesystem.list
|
|
63
|
+
- filesystem.delete
|
|
64
|
+
- filesystem.mkdir
|
|
65
|
+
# NOTE: Models defined in OMN-1160 (FileSystemHandler Contract)
|
|
66
|
+
input_model: omnibase_infra.handlers.filesystem.ModelFileSystemRequest
|
|
67
|
+
output_model: omnibase_infra.handlers.filesystem.ModelFileSystemResult
|
|
68
|
+
supports_lifecycle: true
|
|
69
|
+
supports_health_check: true
|
|
70
|
+
supports_provisioning: false
|
|
71
|
+
tags:
|
|
72
|
+
- filesystem
|
|
73
|
+
- effect
|
|
74
|
+
- infrastructure
|
|
75
|
+
metadata:
|
|
76
|
+
author: OmniNode Team
|
|
77
|
+
ticket: OMN-1160
|
|
78
|
+
security:
|
|
79
|
+
# =========================================================================
|
|
80
|
+
# SECURITY CONFIGURATION
|
|
81
|
+
# =========================================================================
|
|
82
|
+
# This section defines comprehensive security constraints for filesystem
|
|
83
|
+
# operations. Implementers MUST enforce all constraints documented here.
|
|
84
|
+
# =========================================================================
|
|
85
|
+
|
|
86
|
+
# -------------------------------------------------------------------------
|
|
87
|
+
# PATH RESTRICTIONS
|
|
88
|
+
# -------------------------------------------------------------------------
|
|
89
|
+
# SECURITY: Handler implementation MUST enforce these constraints:
|
|
90
|
+
# - Validate all paths are within allowed_paths before operations
|
|
91
|
+
# - Use Path.resolve() to canonicalize paths and prevent ../ attacks
|
|
92
|
+
# - Check symlinks don't point outside allowed paths (TOCTOU mitigation)
|
|
93
|
+
# - Reject absolute paths that escape the workspace
|
|
94
|
+
allowed_paths:
|
|
95
|
+
- "${WORKSPACE_ROOT}"
|
|
96
|
+
# -------------------------------------------------------------------------
|
|
97
|
+
# FILE SIZE LIMITS
|
|
98
|
+
# -------------------------------------------------------------------------
|
|
99
|
+
# Maximum file size for read/write operations (10 MB default).
|
|
100
|
+
# Prevents memory exhaustion attacks and limits blast radius.
|
|
101
|
+
max_file_size_bytes: 10485760
|
|
102
|
+
# -------------------------------------------------------------------------
|
|
103
|
+
# CONFIGURATION REQUIREMENTS
|
|
104
|
+
# -------------------------------------------------------------------------
|
|
105
|
+
# Documents required environment variables and initialization behavior.
|
|
106
|
+
configuration_requirements:
|
|
107
|
+
environment_variables:
|
|
108
|
+
WORKSPACE_ROOT:
|
|
109
|
+
required: true
|
|
110
|
+
description: >
|
|
111
|
+
Base directory for all filesystem operations. All paths are validated to be within this directory tree.
|
|
112
|
+
|
|
113
|
+
# CRITICAL: Handler MUST fail initialization if not set.
|
|
114
|
+
# This prevents accidental access to system files when misconfigured.
|
|
115
|
+
# Do NOT fall back to "/" or "." as this would expose the entire
|
|
116
|
+
# filesystem or current working directory.
|
|
117
|
+
missing_behavior: fail_initialization
|
|
118
|
+
validation:
|
|
119
|
+
- must_be_absolute_path
|
|
120
|
+
- must_exist
|
|
121
|
+
- must_be_directory
|
|
122
|
+
# Handler initialization MUST verify all required env vars before
|
|
123
|
+
# accepting any requests. Fail-fast prevents security misconfigurations.
|
|
124
|
+
initialization_policy: fail_fast_on_missing_config
|
|
125
|
+
# -------------------------------------------------------------------------
|
|
126
|
+
# FILE PERMISSION HANDLING
|
|
127
|
+
# -------------------------------------------------------------------------
|
|
128
|
+
# Strategy for handling file permissions during create/write operations.
|
|
129
|
+
file_permissions:
|
|
130
|
+
# Default permissions for newly created files (octal notation).
|
|
131
|
+
# 0o644 = owner read/write, group/other read-only.
|
|
132
|
+
default_file_mode: "0644"
|
|
133
|
+
# Default permissions for newly created directories.
|
|
134
|
+
# 0o755 = owner full access, group/other read/execute.
|
|
135
|
+
default_directory_mode: "0755"
|
|
136
|
+
# Whether to preserve existing permissions on overwrite.
|
|
137
|
+
# true = keep existing permissions, false = apply defaults.
|
|
138
|
+
preserve_on_overwrite: true
|
|
139
|
+
# SECURITY: Handler runs with process permissions. It cannot grant
|
|
140
|
+
# permissions beyond what the process user has. Operations that would
|
|
141
|
+
# require elevated privileges MUST fail with PermissionError.
|
|
142
|
+
# Do NOT attempt to use sudo or privilege escalation.
|
|
143
|
+
privilege_escalation: forbidden
|
|
144
|
+
# -------------------------------------------------------------------------
|
|
145
|
+
# RATE LIMITING
|
|
146
|
+
# -------------------------------------------------------------------------
|
|
147
|
+
# Rate limiting strategy for filesystem operations.
|
|
148
|
+
rate_limiting:
|
|
149
|
+
# NOTE: Rate limiting is DEFERRED to the orchestration layer.
|
|
150
|
+
# Rationale: The handler is a low-level effect that processes one
|
|
151
|
+
# request at a time (serialized concurrency). Rate limiting is more
|
|
152
|
+
# effectively implemented at:
|
|
153
|
+
# - API gateway level (request rate per client)
|
|
154
|
+
# - Orchestrator level (workflow-aware throttling)
|
|
155
|
+
# - Resource manager level (system-wide I/O limits)
|
|
156
|
+
#
|
|
157
|
+
# If handler-level rate limiting becomes necessary, implement using:
|
|
158
|
+
# - Token bucket algorithm for burst tolerance
|
|
159
|
+
# - Separate limits for read vs write operations
|
|
160
|
+
# - Correlation ID tracking to prevent single-client abuse
|
|
161
|
+
enabled: false
|
|
162
|
+
deferred_to: orchestration_layer
|
|
163
|
+
# Future implementation considerations:
|
|
164
|
+
future_considerations:
|
|
165
|
+
- per_operation_limits: "Different limits for read (high) vs write (low)"
|
|
166
|
+
- burst_allowance: "Token bucket with 10-request burst"
|
|
167
|
+
- backpressure_signal: "Return 429 with Retry-After header"
|
|
168
|
+
# -------------------------------------------------------------------------
|
|
169
|
+
# TOCTOU (Time-of-Check-Time-of-Use) MITIGATION
|
|
170
|
+
# -------------------------------------------------------------------------
|
|
171
|
+
# Strategies to mitigate race conditions between path validation and use.
|
|
172
|
+
toctou_mitigation:
|
|
173
|
+
# SECURITY: TOCTOU vulnerabilities occur when an attacker modifies the
|
|
174
|
+
# filesystem between our security check and the actual operation.
|
|
175
|
+
# Example attack: symlink is validated as safe, then replaced with a
|
|
176
|
+
# symlink to /etc/passwd before the read operation.
|
|
177
|
+
strategies:
|
|
178
|
+
# 1. Open file handles immediately after validation
|
|
179
|
+
# Use os.open() with O_NOFOLLOW to prevent symlink races, then
|
|
180
|
+
# perform operations on the file descriptor, not the path.
|
|
181
|
+
- strategy: use_file_descriptors
|
|
182
|
+
description: >
|
|
183
|
+
Open files immediately after path validation and operate on file descriptors rather than paths. This binds the operation to the specific inode, not the path.
|
|
184
|
+
|
|
185
|
+
implementation_note: >
|
|
186
|
+
Use os.open(path, os.O_RDONLY | os.O_NOFOLLOW) for reads. For writes, use O_CREAT | O_EXCL for new files to prevent symlink-based attacks.
|
|
187
|
+
|
|
188
|
+
# 2. Atomic operations where possible
|
|
189
|
+
# Use rename() for atomic file replacement, mkdir() with exist_ok=False
|
|
190
|
+
# to detect races.
|
|
191
|
+
- strategy: atomic_operations
|
|
192
|
+
description: >
|
|
193
|
+
Use atomic filesystem operations. Write to temp file then rename() for atomic replacement. Use O_EXCL flag to fail if file already exists (detects races).
|
|
194
|
+
|
|
195
|
+
implementation_note: >
|
|
196
|
+
tempfile.NamedTemporaryFile with delete=False, write content, then os.rename() to target. Rename is atomic on POSIX.
|
|
197
|
+
|
|
198
|
+
# 3. Re-validate after open
|
|
199
|
+
# After opening, verify the file descriptor points to expected location.
|
|
200
|
+
- strategy: post_open_validation
|
|
201
|
+
description: >
|
|
202
|
+
After opening a file handle, verify it still points to the expected location using os.fstat() and comparing device/inode.
|
|
203
|
+
|
|
204
|
+
implementation_note: >
|
|
205
|
+
Store (st_dev, st_ino) from os.stat() before open, compare with os.fstat(fd) after open. Mismatch indicates race.
|
|
206
|
+
|
|
207
|
+
# 4. Serialized concurrency (already configured)
|
|
208
|
+
# The serialized concurrency_policy in descriptor prevents parallel
|
|
209
|
+
# operations that could race with each other.
|
|
210
|
+
- strategy: serialized_operations
|
|
211
|
+
description: >
|
|
212
|
+
Handler uses serialized concurrency policy, preventing parallel handler invocations that could race.
|
|
213
|
+
|
|
214
|
+
note: Already configured in descriptor.concurrency_policy
|
|
215
|
+
# SECURITY: Symlink handling is critical for TOCTOU mitigation.
|
|
216
|
+
# Symlinks can be weaponized to escape allowed_paths.
|
|
217
|
+
symlink_policy:
|
|
218
|
+
# Whether to follow symlinks during path resolution.
|
|
219
|
+
# false = safer, prevents symlink-based escapes
|
|
220
|
+
# true = more flexible, but requires careful validation
|
|
221
|
+
follow_symlinks: false
|
|
222
|
+
# When follow_symlinks is true, validate that the resolved path
|
|
223
|
+
# is still within allowed_paths AFTER following all symlinks.
|
|
224
|
+
validate_resolved_path: true
|
|
225
|
+
# Maximum symlink depth to follow (prevents infinite loops).
|
|
226
|
+
max_symlink_depth: 10
|
|
227
|
+
# Reject symlinks that point outside allowed_paths.
|
|
228
|
+
reject_external_targets: true
|
|
229
|
+
# -------------------------------------------------------------------------
|
|
230
|
+
# INPUT VALIDATION
|
|
231
|
+
# -------------------------------------------------------------------------
|
|
232
|
+
# All inputs MUST be validated before use.
|
|
233
|
+
input_validation:
|
|
234
|
+
# Path validation requirements
|
|
235
|
+
path_validation:
|
|
236
|
+
- reject_null_bytes: true # Prevents null byte injection
|
|
237
|
+
- reject_control_chars: true # Prevents terminal injection
|
|
238
|
+
- max_path_length: 4096 # Prevents buffer overflow attacks
|
|
239
|
+
- max_filename_length: 255 # Filesystem limit
|
|
240
|
+
- reject_reserved_names: true # CON, PRN, etc. on Windows
|
|
241
|
+
# Content validation for write operations
|
|
242
|
+
content_validation:
|
|
243
|
+
- enforce_max_file_size: true # See max_file_size_bytes
|
|
244
|
+
- encoding_validation: optional # UTF-8 validation when applicable
|
|
245
|
+
# -------------------------------------------------------------------------
|
|
246
|
+
# AUDIT AND LOGGING
|
|
247
|
+
# -------------------------------------------------------------------------
|
|
248
|
+
# Security-relevant events that MUST be logged.
|
|
249
|
+
audit_logging:
|
|
250
|
+
# Events that MUST be logged for security audit trail
|
|
251
|
+
required_events:
|
|
252
|
+
- path_validation_failure # Attempted access outside allowed_paths
|
|
253
|
+
- symlink_escape_attempt # Symlink pointed outside allowed_paths
|
|
254
|
+
- permission_denied # OS-level permission failure
|
|
255
|
+
- file_size_exceeded # Attempted to read/write oversized file
|
|
256
|
+
- initialization_failure # Handler failed to initialize (missing env)
|
|
257
|
+
# Log level for security events
|
|
258
|
+
security_event_level: warning
|
|
259
|
+
# Include correlation_id in all logs for request tracing
|
|
260
|
+
include_correlation_id: true
|
|
261
|
+
# SECURITY: Never log file contents - only metadata
|
|
262
|
+
never_log:
|
|
263
|
+
- file_contents
|
|
264
|
+
- binary_data
|